BootPlus code issues and vulnerabilities

BootPlus is a permission management framework developed by JoeyBling. The BOOTP Turbo 2.0.0.1253 version has code vulnerabilities; these vulnerabilities stem from service path configurations in Windows services that lack quotation marks, potentially allowing arbitrary code to be executed...

EUVD-2025-1821

Malicious code in bioql PyPI...

EUVD-2025-1827

Malicious code in bioql PyPI...

EUVD-2025-1829

Malicious code in bioql PyPI...

EUVD-2025-1822

Malicious code in bioql PyPI...

EUVD-2025-1826

Malicious code in bioql PyPI...

EUVD-2025-1824

Malicious code in bioql PyPI...

EUVD-2025-1828

Malicious code in bioql PyPI...

CVE-2025-7488

A vulnerability has been found in JoeyBling SpringBootMyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26 and classified as critical. This vulnerability affects the function Download of the file /file/download. The manipulation of the argument Name leads to path traversal. The attack can b...

CVE-2025-7488

The CVE-2025-7488 entry concerns JoeyBling SpringBoot_MyBatisPlus (up to a6a825513bd688f717dbae3a196bc9c9622fea26). The vulnerability resides in the Download function handling the /file/download endpoint, where manipulating the Name argument enables path traversal. It is described as remotely exp...

CVE-2025-7488 JoeyBling SpringBoot_MyBatisPlus download path traversal

A vulnerability has been found in JoeyBling SpringBootMyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26 and classified as critical. This vulnerability affects the function Download of the file /file/download. The manipulation of the argument Name leads to path traversal. The attack can b...

CVE-2025-7488 JoeyBling SpringBoot_MyBatisPlus download path traversal

A vulnerability has been found in JoeyBling SpringBootMyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26 and classified as critical. This vulnerability affects the function Download of the file /file/download. The manipulation of the argument Name leads to path traversal. The attack can b...

CVE-2025-7487

The CVE-2025-7487 entry concerns JoeyBling SpringBoot_MyBatisPlus, specifically the SysFileController in /file/upload. The vulnerability arises from improper handling of the portraitFile argument, enabling unrestricted file uploads and remote exploitation. Public disclosures exist, but the exact ...

CVE-2025-7487 JoeyBling SpringBoot_MyBatisPlus upload SysFileController unrestricted upload

A vulnerability, which was classified as critical, was found in JoeyBling SpringBootMyBatisPlus up to a6a825513bd688f717dbae3a196bc9c9622fea26. This affects the function SysFileController of the file /file/upload. The manipulation of the argument portraitFile leads to unrestricted upload. It is...

PT-2025-29343 · Unknown · Joeybling Springboot Mybatisplus

Name of the Vulnerable Software and Affected Versions: JoeyBling SpringBoot MyBatisPlus versions prior to a6a825513bd688f717dbae3a196bc9c9622fea26 Description: A critical vulnerability exists in the SysFileController function located at /file/upload within JoeyBling SpringBoot MyBatisPlus...

CVE-2025-0703

A vulnerability, which was classified as problematic, has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This issue affects some unknown processing of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the argument name leads ...

CVE-2025-0702

A vulnerability classified as critical was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This vulnerability affects unknown code of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the argument portraitFile leads to unrestricted...

CVE-2025-0704

A vulnerability, which was classified as problematic, was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. Affected is the function qrCode of the file src/main/java/io/github/controller/QrCodeController.java. The manipulation of the argument w/h leads to resource...

CVE-2025-0698

A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. It has been classified as critical. Affected is an unknown function of the file /admin/sys/menu/list. The manipulation of the argument sort/order leads to sql injection. It is possible to launch the...

CVE-2025-0706

A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/sys/admin.html. The manipulation leads to cross site scripting. The attack may be launched remotely...